MCP Inspector starts Authorization Code Flow with wrong redirect_uri #930
Description
Inspector Version
- 0.17.2
Describe the bug
I'm currently developing a MCP server that requires OAuth2 authentication. My Authorization Server supports DCR. When I try to connect to my MCP server with MCP Inspector, It sometimes begin authorization code flow with wrong client_id.
For example, MCP Inspector created OAuth Client with "http://localhost:6274/oauth/callback/debug", and begins authorization code flow with URL below:
as you can see, it requests with redirect_uri "http://localhost:6274/oauth/callback", which is different from what it created.
I guess it's MCP Inspector's bug. Could you please check this out?
To Reproduce
- prepare a MCP server that requires OAuth2 authentication
- prepare a OAuth2 Authorization Server related to the mcp server.
- make the Authorization Server to support DCR
- start MCP Inspector
- click "Open OAuth Settings" button
- follow the steps
- on "Request Authorization and acquire authorization code" step, see if this bug happens.
It didn't occur everytime I tried, sometimes it did. So I guess it's kind of tricky to reproduce.
Expected behavior
Start authorization code flow with redirect_uri that MCP Inspector request during DCR.
Screenshots
If applicable, add screenshots to help explain your problem.
Environment (please complete the following information):
- OS: macOS Sequoia 15.6.1
- Browser chrome
Additional context
Add any other context about the problem here.
Version Consideration
Inspector V2 is under development to address architectural and UX improvements. See CONTRIBUTING.md for information about V2 development.